Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Microsoft.Sbom.Targets] Mark as DevelopmentDependency #714

Closed
Tracked by #693
KalleOlaviNiemitalo opened this issue Sep 19, 2024 · 0 comments · Fixed by #726
Closed
Tracked by #693

[Microsoft.Sbom.Targets] Mark as DevelopmentDependency #714

KalleOlaviNiemitalo opened this issue Sep 19, 2024 · 0 comments · Fixed by #726
Labels
needs triage Default status upon issue submission

Comments

@KalleOlaviNiemitalo
Copy link

KalleOlaviNiemitalo commented Sep 19, 2024

Microsoft.Sbom.Targets.csproj should set <DevelopmentDependency>true</DevelopmentDependency> so that, when dotnet add package adds the Microsoft.Sbom.Targets package to a project, the PackageReference item gets this kind of metadata by default:

    <PackageReference Include="Microsoft.Sbom.Targets" Version="2.2.8">
      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
      <PrivateAssets>all</PrivateAssets>
    </PackageReference>

Then, any NuGet package built from that project will not declare a dependency on Microsoft.Sbom.Targets. The DevelopmentDependency setting is documented in https://learn.microsoft.com/nuget/reference/msbuild-targets#pack-target and https://github.com/NuGet/Home/wiki/DevelopmentDependency-support-for-PackageReference.

DevelopmentDependency does not matter if the PackageReference is automatically added by .NET SDK as in dotnet/sdk#43151, because dotnet add package is not used in this case; but it can be useful if the package is used with an older SDK that does not do so, or perhaps if the developer wants to use a specific version of Microsoft.Sbom.Targets instead of the SDK default.

Originally posted by @KalleOlaviNiemitalo in #674 (comment) and then #693 (comment)

@KalleOlaviNiemitalo KalleOlaviNiemitalo changed the title [Microsoft.Sbom.Targets] DevelopmentDependency [Microsoft.Sbom.Targets] mDevelopmentDependency Sep 19, 2024
@KalleOlaviNiemitalo KalleOlaviNiemitalo changed the title [Microsoft.Sbom.Targets] mDevelopmentDependency [Microsoft.Sbom.Targets] Mark as DevelopmentDependency Sep 19, 2024
@sfoslund sfoslund added the needs triage Default status upon issue submission label Sep 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
needs triage Default status upon issue submission
Projects
None yet
2 participants